Analysis

  • max time kernel
    145s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/10/2022, 07:08

General

  • Target

    5f746936f55bd660b1ad904019855cc018143b9faafab65d0d4d260894d4ee8a.exe

  • Size

    212KB

  • MD5

    5245490dd86f544ad288db16fb2241bf

  • SHA1

    6337b24538e0a54be918e52a38db6367c7b875a5

  • SHA256

    5f746936f55bd660b1ad904019855cc018143b9faafab65d0d4d260894d4ee8a

  • SHA512

    6699863a582537d763e0f01446787a03b5f7a3d37dec445d8c52630b2538a9cebea62a4dbc4f3da659d6a94a3efbcbc3af707364cb7033fe229afa05ad301eb6

  • SSDEEP

    6144:dcyyU/A5rZRLEhFTnRa26s+Wdz8V7Wdfwn1nbmuSDmC:dHp/urb4A1WdBfl

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 26 IoCs
  • Modifies registry class 60 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f746936f55bd660b1ad904019855cc018143b9faafab65d0d4d260894d4ee8a.exe
    "C:\Users\Admin\AppData\Local\Temp\5f746936f55bd660b1ad904019855cc018143b9faafab65d0d4d260894d4ee8a.exe"
    1⤵
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4740
    • \??\c:\Program FilesWXDL90.exe
      "c:\Program FilesWXDL90.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2220
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/vplay.php
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:784
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:784 CREDAT:17410 /prefetch:2
          4⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:4244
      • C:\Program Files\Internet Explorer\IEXPLORE.exe
        "C:\Program Files\Internet Explorer\IEXPLORE.exe" http://dl.kanlink.cn:1287/CPAdown/PPTV(pplive)_forjieku_977.html
        3⤵
        • Modifies Internet Explorer settings
        PID:4216
    • C:\Windows\SysWOW64\WScript.Exe
      WScript.Exe jies.bak.vbs
      2⤵
      PID:3876

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program FilesWXDL90.exe
    Filesize: 36KB
    MD5: 6fbbb1d48ebc25bbf05c9167f45ff908
    SHA1: 045d6362c67bf40509e42bf6adfb1ca7d25d4a98
    SHA256: f3320623fb08f7d5564bf14e9ce870f5c56c8c23fc29056c05b7d37ca97f8db4
    SHA512: 4fc7bf02f18a8cbc562ea485878f6ca4f0197b929b87dc82edebdb764e24c35368deb60650ec4a310d14e6e9c086a813a5b4a44529f2ca0f6eef7f53c58685f3

  • C:\Users\Admin\AppData\Local\Temp\jies.bak.vbs
    Filesize: 486B
    MD5: ca62f5987432eb3d500c71fc463d0d58
    SHA1: 24bbdaf91795bc2342e6e54acab14c9e725ac6af
    SHA256: e77fbab91ea2f1fb964365458dabb5d9ca70a83d004d527b717030f7601e812e
    SHA512: 9ca5cc5547410b75e2d1ab91e72f88dfdb7b72b552111d6e8050dc0c0ee6d1d1b8947211ee2d69a0ea1264c58c1fcfcad79923e23ff1bbbf64adcc1a0e1a3727

  • \??\c:\Program FilesWXDL90.exe
    Filesize: 36KB
    MD5: 6fbbb1d48ebc25bbf05c9167f45ff908
    SHA1: 045d6362c67bf40509e42bf6adfb1ca7d25d4a98
    SHA256: f3320623fb08f7d5564bf14e9ce870f5c56c8c23fc29056c05b7d37ca97f8db4
    SHA512: 4fc7bf02f18a8cbc562ea485878f6ca4f0197b929b87dc82edebdb764e24c35368deb60650ec4a310d14e6e9c086a813a5b4a44529f2ca0f6eef7f53c58685f3